This blog is totally independent, unpaid and has only three major objectives.
The first is to inform readers of news and happenings in the e-Health domain, both here in Australia and world-wide.
The second is to provide commentary on e-Health in Australia and to foster improvement where I can.
The third is to encourage discussion of the matters raised in the blog so hopefully readers can get a balanced view of what is really happening and what successes are being achieved.

Friday, June 17, 2016

Concerns About Telstra Health Providing The National Cancer Screening Registry Just Rumble On. I Am Not Sure Why.

Stumbling down rabbit holes can lead to unexpected places; just ask Alice, she found herself in a Wonderland of strange characters and odd situations.

Her fall may be fictional, but it reflects the same rabbit hole in which Australians may find themselves if the latest deal between the federal government and Telstra is allowed to see the light of day without intense scrutiny. Like Alice, this is a dark comedy that may have severe consequences.

Telstra was recently awarded a $220 million contract by the government to establish a Cancer Register, which is unclear in its objective. That is, to provide “a robust IT solution-based support system for the expanded National Bowel Cancer Screening Program and the renewed National Cervical Screening Program” or a full “National Cancer Screening Register”.

Why is the federal government limiting the solution to just two and not all cancers? Is it an IT platform to assist the screening program for those cancers or is it a national register?

This needs to be answered by the government because these are two totally different outcomes, with substantially different implications: one being effectively a contact database, linked to electronic or paper-based reminders not containing sensitive information; and the other being a full personal “cancer” health record containing test results, treatments and other highly sensitive information.

It has been assumed for the federal government to award the $220m contract to Telstra, that it is only a contact database/notification platform. It’s something telcos do routinely.

Everyone receives paper-based, email or SMS notifications to inform them they are near their limits, exceeding their limits or anything else they believe is pertinent to their daily lives, so it makes sense this service be expanded to let us all know when we should be undertaking our cancer screening.

The rabbit hole we potentially find ourselves in occurs if the government deems it appropriate to place our personal medical data, cancer screening results, in the hands of a telco.

Telstra as an organisation has experienced serious data breaches and continues to struggle to operate a stable communications network, which is its core business. There will be no solace in free data days or $25 credits if this environment is breached and the personal health data pilfered.

Telstra Health has won the tender to manage the National Bowel Cancer and Cervical Screening data register. The company will be responsible for collating and amalgamating the data currently stored on separate State databases into one national register and overseeing the register’s operations.

Concerns have arisen over the potential for inadvertent and unauthorised breaches of private information, heightened by recent instances of data released by Telstra.

While the exact nature of the privacy protections outlined in the tender are unknown and it remains unclear whether sufficient avenues will be available to allow consumer actions against Telstra Health as an incentive to strengthen the company’s privacy policies, the Commonwealth privacy legislation will apply to the register and any misuse of data could be an offence under the Criminal Code.

My view on all this concern is that wherever there is a database of sensitive information there is risk of breach. That being the case I would far rather have my personal information managed by professional health IT staff - as they will be with Telstra Health - rather than small public sector organisations scattered all over the country in State-Based Registries.

To imagine Telstra Health does not understand how important it is they get this one right simply defies common sense. Be assured they will be doing their very best to get this working safely, securely and well.

David.

p.s I notice that the MD of Telstra Health (Shane Solomon) also has a strong take on why every-one should take a deep breath. See here:

6 comments:

Anonymous
said...

In the 14 June story Shane Solomon said "Health professionals and patients alike will be able to access their medical records, either via an online portal, or by calling the Australia-based register contact centre for assistance."

.... mmm .. access their medical records .... what exactly does that mean?

Cancer Registries do not hold information on people who do not have cancer and they are neither opt-in or opt-out facilities. Basically anyone with a cancer should be recorded on the Cancer Registry.

It does seem reasonable that a person and their health professional should be able to access the details of what is held on the Cervical and Bowel Cancer Registry Record subject to appropriate security, confidentiality and (perhaps) patient authorization.

But what isn't clear here however is whether these facilities will be limited to Cancer Registry Records or whether they are intended to form the base for a full medical record!

Patient demographic and identity and health professional demographic and identity data will all routinely form part of the Cancer Registry database. So why not extend the functionality to include all pathology tests and all imaging tests, or for that matter all operations and all medications and dates of admission and discharge from hospitals. In fact why not extend the Cancer Registry to replace the Department's My Health Record?

Surely this needs to be clarified a lot more precisely not only by Telstra but also the Health Department.

i think you have entirely missed the longer term play and what is occuring david. Its not privacy/security etc but rather the economic value of the data that ultimately is the battle front. Sure we will all get re-assured about privacy /security just like facebook says they are about connecting the world/making it a more open place. Its the economic value of the data that is underneath all of this that is really telstra healths play.

To be or not to be - that is the question - indeed it is. And pray tell - what is the answer?

Why is the federal government limiting the solution to just two and not all cancers?

Is it an IT platform to assist the screening program for those cancers or is it a national register?

This needs to be answered by the government because:- these are two totally different outcomes, with substantially different implications: one being effectively a contact database, linked to electronic or paper-based reminders not containing sensitive information; and the other being a full personal “cancer” health record containing test results, treatments and other highly sensitive information.

David, I absolutely agree with your comments. Any database is at risk of being hacked. There is nothing like the potential of a large fine to ensure that an organization will do everything possible to ensure the security of that data.

The hyperventilating over this by some makes no sense. They need to consider the potential benefits that this data can deliver and the skills that organisations such as Telstra have in making that data available to approved users.

I would agree that a national database might be a good idea. However I disgree with your assertion:

"...I would far rather have my personal information managed by professional health IT staff - as they will be with Telstra Health..."

I think you are being either shallow or thoughtless to make that assertion. In time we will sure to find out how much of that work will be handled by corporate cowboy managers, and the hiring of 'sub contractors' (or acquisition of some other small tech company) to do things, especially when they too have no experience with delivering something as new as this.

When you assert "small public sector organisations scattered all over the country in State-Based Registries," are bad I think you are being naive in advocating that a for-profit mega-corporation is going to be superior by definition.

I think we have read from some of your other links that Telstra has already approached others with currently some of these existing "State-Based Registries" for 'help'.

Remember their priorities: Management and Shareholders first, Employees and end users somewhere lower...